webauthn Replace in-field string metadata with resource-level default fields

Replace in-field string metadata with resource-level default fields

Open emlun opened this issue 6 months ago • 4 comments

This addresses #1643:

We request that you do the following:

Remove the in-field encoding of language metadata using Unicode tag characters

Remove the in-field encoding of string direction using strongly directional marks

Add a document-level field for the document language and a document-level field for default direction; such fields would be optional, since you have an installed base

New language and direction attributes on PublicKeyCredentialUserEntity seems like the most appropriate implementation of a "document-level field", since these are the only natural language string parameters we have. The new attributes won't work with currently existing CTAP authenticators, but their processing is specified as "best-effort" (at least that's the intent) so RPs should be aware that they might not work.

The following tasks have been completed:

[ ] Modified Web platform tests (link)

Implementation commitment:

[ ] WebKit (link to issue)
[ ] Chromium (link to issue)
[ ] Gecko (link to issue)

Documentation and checks

N/A ~~Affects privacy~~
N/A ~~Affects security~~
N/A ~~Updated explainer~~

Preview | Diff

Apr 09 '25 16:04 emlun

webauthn webauthn copied to clipboard

Replace in-field string metadata with resource-level default fields

webauthn
webauthn copied to clipboard